Forum Discussion

Prasad_73279
Oct 03, 2013

bulk ssl upload to F5 from external CA

Hi, is there an easy way to upload more than 100 certs and keys to the BIG-IP and map them to the existing client SSL profiles? Thanks.

 

2 Replies

  • Hamish

    You could script it... Which obviously would be easier if your cert names relate somehow to your SSL profiles.

     

    H

     

  • Here's something that may work for you. Dump all of your .p12 files to a directory on the BIG-IP (make sure they all have the same export password), and then run this script:

    #!/bin/bash
    if [ "$1" != "" ]; then

        passwd=$1

        # process .p12 files
        for g in *.p12
        do
            # extract the name from the .p12 file
            pname=`echo "$g" | awk -F.p12 '{ print $1 }'`

            # export the private key (-nodes writes it unencrypted)
            openssl pkcs12 -in "$g" -out "$pname.key" -nodes -clcerts -nocerts -passin "pass:$passwd"

            # export the certificate (public key)
            openssl pkcs12 -in "$g" -out "$pname.crt" -nodes -clcerts -nokeys -passin "pass:$passwd"
        done

        # process exported certificates
        for f in *.crt
        do
            # extract the name from the cert file
            fname=`echo "$f" | awk -F.crt '{ print $1 }'`

            # delete the old ones first
            tmsh delete sys crypto cert "$fname"
            tmsh delete sys crypto key "$fname"

            # import the cert and key
            tmsh install sys crypto cert "$fname" from-local-file "$fname.crt"
            tmsh install sys crypto key "$fname" from-local-file "$fname.key"

            # create clientssl profile based on crt name
            tmsh create ltm profile client-ssl "$fname-clientssl" cert "$fname" key "$fname"
        done
        echo "Done"

    else
        echo ""
        echo "Usage: certpush.sh <.p12 export password>"
        echo ""
    fi
    

    Use the export password in the argument to run the script. It'll go through all of the .p12 files, export them to individual cert and key, import into filesystem, then create a client SSL profile based on the certificate name (ex. alpha1-clientssl).
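The import loop above deletes the existing cert and key before installing the new pair, so it is worth checking each extracted pair before anything reaches tmsh. The following is an added example, not part of the original reply: the script name `precheck.sh` and the function names are hypothetical, and it assumes the `<name>.crt` / `<name>.key` files produced by the extraction loop.

```shell
#!/bin/bash
# Added example, not from the thread. Pre-import checks for the <name>.crt and
# <name>.key pairs produced by the extraction loop. Function names are hypothetical.

# Print the object name for a file, or fail if it has characters that are
# unsafe to hand to tmsh unquoted (spaces, globs, a leading dash).
safe_name() {
    local base="${1%.*}"
    case "$base" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$base"
}

# Succeed only if the private key belongs to the certificate: both must yield
# the same public key. An unreadable or empty file counts as a mismatch.
key_matches_cert() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Print one verdict for a pair: ok, bad-name, missing-key, mismatch or expired.
check_pair() {
    local crt="$1" name key
    name=$(safe_name "$(basename "$crt")") || { echo bad-name; return 1; }
    key="$(dirname "$crt")/$name.key"
    [ -s "$key" ] || { echo missing-key; return 1; }
    key_matches_cert "$crt" "$key" || { echo mismatch; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 || { echo expired; return 1; }
    echo ok
}

# Usage: precheck.sh <directory>. Lists every pair with its verdict and
# returns non-zero if any pair should not be imported.
main() {
    local rc=0 crt verdict
    for crt in "$1"/*.crt; do
        [ -e "$crt" ] || continue
        verdict=$(check_pair "$crt") || rc=1
        printf '%s\t%s\n' "$crt" "$verdict"
    done
    return "$rc"
}

[ "$#" -eq 0 ] || main "$1"
```

Because the extraction uses `-nodes`, the `.key` files are unencrypted; removing them from the working directory once the import has succeeded keeps plaintext keys from lingering on the filesystem.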